As the security landscape gets really dynamic and threat landscapes increase, there is a big need in change the way business owners think in improving their security architecture and design.
1. Develop basic security and policy standards
2. Establish an asset inventory ( yes you know where this came from; the SANS Top 20 CC)
3. Establish Information Security leads
4. Implement an Enterprise Risk Committee
5. Define a common approach to risk calculations
6. Establish a threat and vulnerability assessment program
7. Establish a compliance to standards review process
8. Conduct basic risk assessments for vendors
9. Implement a risk and assessment tracking system
10. Launch a risk awareness campaign.
Given all the points above, we can always fall short to follow up on one of this ten points in implementing the RBA (Risk based approach). To counter this, we can implement AGILE to run active follow ups and improve the maturity of the security space in the organisation. So one might ask. what is AGILE? AGILE is …
Yes its a dynamic and iterative method of managing a project. It complements with the dynamism of the security and risk space in the current age.
So, are you ready to implement this marriage of two systems into your organisation?